
newest combofix showing as infected ??


2 replies to this topic

#1 spameaterz


Posted 26 August 2014 - 08:33 AM

Seems like every couple of months, I see this behavior - any ideas why?? Yeah, I know that sometimes things get misflagged, but by 8 AV companies at once? https://www.virustotal.com/en/file/1d84b39efb18a69cbf5d6bda8a69936a08b3b01e888dee1a9c332d012b71fb0c/analysis/1409059608/


#2 myrti


Posted 26 August 2014 - 08:40 AM

Hi,

 

ComboFix is a very powerful tool. To be able to do what it does, it has to have capabilities that you will often find in malware as well:

Forcefully kill a running process, scan running processes, scan files on the system, etc. These are typical behaviours you will see both in AV and anti-malware tools (trying to find malware and kill it) and malware (trying to find AVs and kill them). Therefore these anti-malware tools are very prone to false positives, much more than, say, a music player or a video player.

Unfortunately this can't really be changed, unless one of the two stops going after the other. But we both know this won't happen.

 

regards

myrti


If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 quietman7


Posted 26 August 2014 - 04:11 PM

The problem is really with the anti-virus vendors who keep targeting specialized fix tools and NOT with ComboFix. We can inform the developer but he has encountered this issue many times before and in most cases there isn't much he can do about it. Once the detection is reported to the anti-virus vendor, they are usually quick to fix it by releasing an updated definition database.

sUBs frequently updates ComboFix and much of his time is involved with doing that in order to keep ahead of the malware writers. The remainder is spent addressing bugs, issues and questions by forum experts helping others with infected computers. He simply does not have the time to submit samples to anti-virus vendors every time he releases a new version of ComboFix.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
